Frankfurter Volksbank Invests in Illumio for Compliance Success

Meeting key regulatory requirements with micro-segmentation

Summary

Industry: Financial Services

Environment: On-premises data centers

Challenge: Complying with ISO 2700x security standards and the German Federal Financial Supervisory Authority (BaFin) mandates

Solution: Illumio Core for complete network visibility and host-based segmentation to isolate critical systems and ringfence applications that are part of the banking environment

Results: Ease of use to maximize security and compliance posture; minimized risk of operational disruptions through test and automation capabilities; simplified, on-demand reporting for auditors

Customer Overview & Challenge

Frankfurter Volksbank is a cooperative universal bank that provides comprehensive financial services for 250,000 members and 600,000 private customers and medium-sized companies in the Rhine-Main region of Germany – all of which amounts to a high number of regulatory demands to ensure transaction security. The German Federal Financial Supervisory Authority (BaFin) requires compliance with the provisions of the German Banking Act (KWG), the Minimum Requirements for Risk Management (MaRisk), and the Banking Supervisory Requirements for IT (BAIT). Conformity with ISO 2700x standards is also required.

For Head of IT Steffen Nagel, the pressure was on to find a security solution that would address essential requirements for compliance: complete network visibility and the ability to segment systems and applications that are part of the banking environment. With 20 years of experience with traditional network segmentation, Steffen knew it was time to look for a new solution.

“Considering our available resources and the complexity of the task at hand, it was simply impossible to achieve our compliance goals through traditional approaches.”

Illumio Solution

Steffen quickly landed on Illumio Core as the superior solution. “The ability to segment at the host level and enforce policy with native OS firewalls solved the problem in an elegant way,” he explained.

Speed and ease have been defining facets of the team’s micro-segmentation experience from the start. Their move from proof of concept to production went smoothly and swiftly, with no impact on business operations.

“From a technical point of view, policy creation is where most of the work usually lies. But this is extremely simple with Illumio’s testing and automation capabilities.”

With Illumio policies in place, Frankfurter Volksbank has maintained compliance with ISO 2700x requirements for segmentation. They have also addressed BAIT and MaRisk specifications, from environmental separation (isolating development, test, and production) to ringfencing applications.

Illumio Core’s Illumination real-time application dependency map has been invaluable to the team and auditors alike. The map helped them fulfill the BAIT requirement for “an up-to-date overview of the components of the defined information network” and provides an application-centric view of their environment. It is an easy way for auditors to see connectivity and enforced policies, eliminating piles of Word documents to prove compliance.

They’ve taken full advantage of the power of the map by adding Illumio’s vulnerability map offering, which ingests vulnerability scan results to provide insights into their most vulnerable workloads and pathways attackers may exploit.

“With Illumio, we have made a significant leap to maximize security and minimize the risk of operational disruptions,” said Steffen.

Customer Benefits

Clear-cut compliance without disruption

Host-based micro-segmentation has made the path to compliance efficient, with no impact on the network or disruption to operations.

Real-time visibility and security insights

The comprehensive map of application traffic and communications is integral to implementing segmentation and making policy decisions.

Illumio has filled a gap for which there was previously no solution. In addition to meeting compliance regulations, we have seen drastic improvements in our overall security posture.

Steffen Nagel, Head of Information Technology